{"uuid": "ea1969af-72c8-4a49-85d1-83dd1313c49a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1285", "type": "seen", "source": "https://t.me/cibsecurity/11992", "content": "ATENTION\u203c New - CVE-2018-1285\n\nApache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-11T20:59:26.000000Z"}